socket_events

Track network socket opens and closes.

Table schema

| Name | Type | Description |
|------|------|-------------|
| action | TEXT | The socket action (bind, listen, close) |
| pid | BIGINT | Process (or thread) ID |
| path | TEXT | Path of executed file |
| fd | TEXT | The file descriptor for the process socket |
| auid | BIGINT | Audit User ID |
| success | INTEGER | The socket open attempt status |
| family | INTEGER | The Internet protocol family ID |
| protocol | INTEGER | The network protocol ID |
| local_address | TEXT | Local address associated with socket |
| remote_address | TEXT | Remote address associated with socket |
| local_port | INTEGER | Local network protocol port number |
| remote_port | INTEGER | Remote network protocol port number |
| socket | TEXT | The local path (UNIX domain socket only) |
| time | BIGINT | Time of execution in UNIX time |
| uptime | BIGINT | Time of execution in system uptime |
| eid | TEXT | Event ID |
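
An added example (not part of the original page or the project's own code): a hunt query over this table for successful binds to a non-loopback address by binaries outside an allowlist, run here against constructed rows in an in-memory SQLite table so it works offline. The allowlisted directories, the meaning `success = 1`, and an empty `socket` for non-UNIX sockets are assumptions.

```python
import sqlite3

# Columns and types exactly as listed in the schema above.
SCHEMA = """CREATE TABLE socket_events (
  action TEXT, pid BIGINT, path TEXT, fd TEXT, auid BIGINT, success INTEGER,
  family INTEGER, protocol INTEGER, local_address TEXT, remote_address TEXT,
  local_port INTEGER, remote_port INTEGER, socket TEXT,
  time BIGINT, uptime BIGINT, eid TEXT)"""

# Successful binds to a non-loopback address by binaries outside an allowlist.
# Assumptions: success = 1 means the call succeeded, socket is empty for
# non-UNIX sockets, and the two allowlisted directories are illustrative.
EXTERNAL_BINDS = """
SELECT datetime(time, 'unixepoch') AS utc, pid, auid, path,
       local_address, local_port
FROM socket_events
WHERE action = 'bind'
  AND success = 1
  AND COALESCE(socket, '') = ''
  AND local_address NOT IN ('127.0.0.1', '::1')
  AND path NOT LIKE '/usr/sbin/%'
  AND path NOT LIKE '/usr/bin/%'
ORDER BY time"""

# Constructed sample events (not real telemetry), in schema column order.
SAMPLE = [
    ("bind", 812, "/usr/sbin/sshd", "3", 4294967295, 1, 2, 0,
     "0.0.0.0", "", 22, 0, "", 1700000000, 120, "0000000001"),
    ("bind", 4410, "/tmp/.cache/updater", "4", 1000, 1, 2, 0,
     "0.0.0.0", "", 8443, 0, "", 1700000060, 180, "0000000002"),
    ("bind", 4420, "/home/dev/app/server", "5", 1000, 1, 2, 0,
     "127.0.0.1", "", 8080, 0, "", 1700000120, 240, "0000000003"),
    ("bind", 4431, "/opt/tools/agent", "6", 1000, 0, 2, 0,
     "0.0.0.0", "", 80, 0, "", 1700000180, 300, "0000000004"),
    ("bind", 4431, "/opt/tools/agent", "7", 1000, 1, 1, 0,
     "", "", 0, 0, "/run/agent.sock", 1700000240, 360, "0000000005"),
    ("close", 4410, "/tmp/.cache/updater", "4", 1000, 1, 2, 0,
     "0.0.0.0", "", 8443, 0, "", 1700000300, 420, "0000000006"),
]

def find_external_binds(rows):
    """Load events into an in-memory table and run the hunt query."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO socket_events VALUES (%s)" % ",".join("?" * 16), rows)
    return db.execute(EXTERNAL_BINDS).fetchall()

if __name__ == "__main__":
    for hit in find_external_binds(SAMPLE):
        print(hit)
```

The `EXTERNAL_BINDS` statement uses only the columns listed above and plain SQLite functions, so the same text can be adapted for use as a scheduled query once the allowlist reflects the host's expected listeners.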